Tuesday, August 4, 2009

Finally, A Reasonable Plan for Certification of EHR Technologies

by DAVID C. KIBBE and BRIAN KLEPPER

A caution to readers: This post is about methods for certifying Electronic Health Record (EHR) technologies used by physicians, medical practices, and hospitals who hope to qualify for federal incentive payments under the so-called HITECH portion of the American Recovery and Reinvestment Act (ARRA). It may not be as critical as the larger health care reform effort or as entertaining as Sarah Palin, but it WILL matter to hundreds of thousands of physicians, influencing how difficult or easily those in small and medium size practices acquire health IT. And indirectly for the foreseeable future, it could affect millions of Americans patients, their ability to securely access their medical records, and the safety, quality, and the cost of medical care.

Three weeks ago, on July 14-15, 2009, the ONC's Health IT Policy Committee held hearings in DC to review and consider changes to CCHIT's current certification process. The Policy Committee is one of two panels formed to advise the new National Coordinator for Health IT, David Blumenthal. In a session that was a model of open-mindedness and balance, the Committee heard from all perspectives: vendors, standards organizations, physician groups, and many others.

And then, on July 16, they released their final recommendations on what is now referred to as "HHS Certification." The effects of their recommendations - these are available online and should be read in their entirety to grasp their extent - are potentially monumental, and could very positively change health IT for the foreseeable future.

At the heart of these hearings was the issue of who will define the certification criteria and who will evaluate vendors' products. Among many others, we have voiced concerns that the Certification Commission for Health Information Technology (CCHIT), the body currently contracted by HHS to perform EHR certification, has been partial to traditional health IT vendors in defining the certification criteria, and in the ways certification is carried out, and thereby able to inhibit innovation in this industry sector. Despite its leaders' claims that the certification process has been developed using an open framework, CCHT's obvious ties to the old guard IT vendors have created an overwhelming appearance of conflict of interest. That appearance has not been refuted by CCHIT's resistance to and delays in implementing interoperability standards, or by its focus on features and functions over safety, security, and standards compliance.

In the hearings that led to the recommendations, longtime IT watchers were treated to some extraordinary commentary, much of which dramatically undermined CCHIT's position.
  • Dr. William Stead from Vanderbilt recommended a narrow focus for certification on 'data liquidity' and solving the problem of health data exchange (i.e., interoperability) of summary health information. Dr. Stead supported the idea of separating the data from the applications, which we have written about in our blogs on several occasions.
  • Two very experienced Technology Standards professionals, Cita Furlani and Gordon Gillerman of the National Institute of Standards and Technology (NIST) laid out the international standards-based framework for Conformity Assessment, one small part of which is certification, testing for which is always performed by Third Parties. They pointed out that under this framework, Third Parties are by definition independent and unbiased, and required to not have financial interests in the outcomes of the certification process.
  • In more on-the-ground testimony, Paula Anthony, CIO at East Texas Regional Medical Center, described her organization's decision, after a multi-million dollar investment, to jettison one CCHIT-certified EHR product because it could not reliably and safely exchange data with another CCHIT-certified HIT product. If there was ever a succinct indictment of the failures of CCHIT, this was it, and everyone in the room knew it.
The recommendations released the day after the public sessions reflected these concerns. Among the Policy Committee's major recommendations:

A New Certification Definition
"HHS Certification means that a system is able to achieve government requirements for security, privacy, and interoperability, and that the system would enable the Meaningful Use results that the government expects...HHS Certification is not intended to be viewed as a 'seal of approval' or an indication of the benefits of one system over another."

In other words, as the definition of Meaningful Use is now tied to specific quality and safety improvements and cost savings that result from health IT -- among them e-Prescribing, quality and cost reporting, data exchange for care coordination, and patient access to summary health data -- HHS Certification will closely follow. Rather than pertain to an EHR's long list of features and functions, some of which have nothing to do with Meaningful Use, certification will be focused on each IT system's ability to enable practices and hospitals to collect, store, and exchange health data securely.

Who Determines the Certification Criteria
The Office of the National Coordinator - not CCHIT - would determine certification criteria, which "should be limited to the minimum set of criteria that are necessary to: (a) meet the functional requirements of the statute, and (b) achieve the Meaningful Use Objectives." As regulator, funder for this project, and a major purchaser of health services, the government, not users or vendors, will now determine HHS' Certification criteria.

A New Emphasis on Interoperability
"Criteria on functions/features should be high level; however, criteria on interoperability should be more explicit." That is, functions/features criteria will be broadly defined, but there will be a greater focus in the future on the specifics associated with bringing about straightforward data exchange.

Multiple Certifying Organizations
ONC would develop an accreditation process and select an organization to accredit certifying organizations, then allow multiple organizations to perform certification testing. In other words, the Committee recommended that CCHIT's monopoly end .

Third Party Validation
The "Validation" process would be redefined to prove that an EHR technology properly implemented and used by physician or hospital can perform the requirements of Meaningful Use. Self-attestation, along with reporting and audits performed by a Third Party, could be used to monitor the validation program.

Broader Interpretation of HHS Certification
HHS Certification would be broadly interpreted to include open source, modular, and non-vendor EHR and PHR technologies and their components.

These bold, forward-thinking proposals from the HIT Policy Committee have not been accepted yet. But in our opinion they should be. These measures would encourage new technologies to enter the market for physician medical practices seeking EHR technology, and wrest control away from the legacy health IT vendors that have maintained barriers and delayed adoption, so you can be sure that the old guard players are doing everything possible to have them rejected.

But these are hugely progressive steps in the right direction, toward allowing HIT to enable improvements in care and cost efficiencies that would be in the best interests of users and the public at large. If implemented, the changes recommended by the HIT Policy Committee would create greater choice, more standardization, lower price, less interruption of the practices -- as well as a check from CMS or Medicaid each year to help smooth the implementation, starting in 2011.

David C. Kibbe MD MBA is a Family Physician and Senior Advisor to the American Academy of Family Physicians who consults on health care professional and consumer technologies. Brian Klepper PhD is a health care market analyst. Their collected collaborative columns may be found here.

Subscribe

Avoid having to check back. Subscribe to Health Care Policy and Marketplace Review and receive an email each time we post.

Blog Archive